仅当用户使用 Laravel 处于活动状态时才登录 [英] Login only if user is active using Laravel

问题描述

我目前正在开发我的 Laravel 应用程序，为了防止垃圾邮件，我决定只有活跃用户才能登录.我目前正在使用 Laravel 的登录系统，就像在 Laravel 的官网教程中一样，这是我的表单操作:

I'm currently working on my Laravel app and to prevent spam I decided that only active users are able to login. I'm currently using Laravel's login system just like in Laravel's official website tutorial, here's my form action:

<form class="form-horizontal" role="form" method="POST" action="{{ url('/auth/login') }}">

这完全没问题，但是我想检查用户的活动状态，如果不是活动状态，它将被重定向到激活页面，否则它将登录.有没有一种简单的方法可以做到这一点，还是我有义务制作新的控制器、路由和更多验证?谢谢.

This works completely fine, however I'd like to check the user's active, if not active it would be redirected to the activation page, otherwise it would login. Is there a simple way to do this or am I obligated to make a new controller, routes and more verifications? Thank you.

忘记提及我的数据库中有一个活动"列.

Forgot to mention that I have a 'active' column in my database.

推荐答案

Laravel 5.4/5.5

通过将这个函数放在你的 LoginController 中来覆盖默认的 login() 函数:

Laravel 5.4 / 5.5

Override the default login() function by placing this function in your LoginController:

public function login(IlluminateHttpRequest $request) {
    $this->validateLogin($request);

    // If the class is using the ThrottlesLogins trait, we can automatically throttle
    // the login attempts for this application. We'll key this by the username and
    // the IP address of the client making these requests into this application.
    if ($this->hasTooManyLoginAttempts($request)) {
        $this->fireLockoutEvent($request);
        return $this->sendLockoutResponse($request);
    }

    // This section is the only change
    if ($this->guard()->validate($this->credentials($request))) {
        $user = $this->guard()->getLastAttempted();

        // Make sure the user is active
        if ($user->active && $this->attemptLogin($request)) {
            // Send the normal successful login response
            return $this->sendLoginResponse($request);
        } else {
            // Increment the failed login attempts and redirect back to the
            // login form with an error message.
            $this->incrementLoginAttempts($request);
            return redirect()
                ->back()
                ->withInput($request->only($this->username(), 'remember'))
                ->withErrors(['active' => 'You must be active to login.']);
        }
    }

    // If the login attempt was unsuccessful we will increment the number of attempts
    // to login and redirect the user back to the login form. Of course, when this
    // user surpasses their maximum number of attempts they will get locked out.
    $this->incrementLoginAttempts($request);

    return $this->sendFailedLoginResponse($request);
}

建议以这种方式覆盖 login() 方法，而不是该问题的许多其他答案，因为它允许您仍然使用 Laravel 5.4+ 的许多更高级的身份验证功能，例如登录限制、多个身份验证保护驱动程序/提供程序等，同时仍允许您设置自定义错误消息.

Overriding the login() method in this way is recommended over many of the other answers on this question because it allows you to still use many of the more advanced authentication functionality of Laravel 5.4+ such as login throttling, multiple authentication guard drivers/providers, etc. while still allowing you to set a custom error message.

更改或覆盖 AuthController 中的 postLogin() 函数，如下所示:

Change or override your postLogin() function in your AuthController to look like this:

public function postLogin(Request $request)
{
    $this->validate($request, [
        'email' => 'required|email', 'password' => 'required',
    ]);

    $credentials = $this->getCredentials($request);

    // This section is the only change
    if (Auth::validate($credentials)) {
        $user = Auth::getLastAttempted();
        if ($user->active) {
            Auth::login($user, $request->has('remember'));
            return redirect()->intended($this->redirectPath());
        } else {
            return redirect($this->loginPath()) // Change this to redirect elsewhere
                ->withInput($request->only('email', 'remember'))
                ->withErrors([
                    'active' => 'You must be active to login.'
                ]);
        }
    }

    return redirect($this->loginPath())
        ->withInput($request->only('email', 'remember'))
        ->withErrors([
            'email' => $this->getFailedLoginMessage(),
        ]);

}

此代码重定向回登录页面，并显示有关用户处于非活动状态的错误消息.如果您想重定向到身份验证页面，您可以更改我用注释 将此更改为重定向到其他地方 标记的行.

This code redirects back to the login page with an error message about the user being inactive. If you want to redirect to an authentication page you would change the line I marked with the comment Change this to redirect elsewhere.

这篇关于仅当用户使用 Laravel 处于活动状态时才登录的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！